saslauthd problems

Greg Groth ggroth at gregs-garage.com
Tue Feb 28 13:48:52 EST 2006 

I'm having difficulty getting saslauthd to check passwords against the 
system accounts.  System is a fresh install of FreeBSD 6.0 using Sendmail.

Sendmail was installed as part of the base FreeBSD install and 
recompiled with the following added to /etc/make.conf

SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2

The following was added to my mc file, compiled, installed and restarted:

define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl

checking the Sendmail version gives me the following:

ns1# sendmail -d0.1 < /dev/null
Version 8.13.4
  Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS 
PIPELINING SASLv2
                 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG

============ SYSTEM IDENTITY (after readcf) ============
       (short domain name) $w = ns1
   (canonical domain name) $j = ns1.prisminnovations.com
          (subdomain name) $m = prisminnovations.com
               (node name) $k = ns1.prisminnovations.com
========================================================

cyrus-sasl & cyrus-sasl-authd were compiled using the ports using no 
additional flags.  Checking the versions gives me the following:

ns1# pkg_info -Ix sasl
cyrus-sasl-2.1.21   RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.21 SASL authentication server for cyrus-sasl2

I have added 'saslauthd_enable="YES"' to /etc/rc.conf and have verified 
that it is running.

contents of /usr/local/lib/sasl2/Sendmail.conf are as follows:

pwcheck_method: saslauthd

telnetting to localhost gives me the following:

ns1# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.prisminnovations.com.
Escape character is '^]'.
220 ns1.prisminnovations.com ESMTP Sendmail 8.13.4/8.13.4; Tue, 28 Feb 
2006 12:21:41 -0600 (CST)
ehlo localhost
250-ns1.prisminnovations.com Hello localhost.prisminnovations.com 
[127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH PLAIN LOGIN
250-DELIVERBY
250 HELP

As far as I can tell, I have everything as it should be.  However when I 
try to send an email, I get the following:

Feb 26 23:42:16 ns1 sm-mta[1783]: NOQUEUE: connect from 
node-40241be2.mdw.onnet.us.uu.net [64.36.27.226]
Feb 26 23:42:16 ns1 sm-mta[1783]: AUTH: available mech=NTLM LOGIN 
ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5, allowed mech=PLAIN LOGIN
Feb 26 23:42:16 ns1 sm-mta[1783]: k1R5gGCB001783: Milter: no active filter
Feb 26 23:42:17 ns1 sm-mta[1783]: k1R5gGCB001783: ruleset=check_rcpt, 
arg1=<ggroth at gregs-garage.com>, relay=node-40241be2.mdw.onnet.us.uu.net 
[64.36.27.226], reject=550 5.7.1 <ggroth at gregs-garage.com>... Relaying 
denied. Proper authentication required.

 From googling around for a solution, I have tried to rectify this by 
adding a symlink /usr/lib/sasl2/ that points to /usr/local/lib/sasl2/ 
(where it's installed by the FreeBSD port) to no avail.

I have also tried adding sasl_saslauthd_flags="-a getpwent" to rc.conf 
with the same result.  Could anyone help me with what I should be 
looking at next?  I'm at a loss at this point.

TIA
Greg Groth

More information about the Cyrus-sasl mailing list